MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79407b3bc4334ff0fbe693829b0dc929ae9247f0ea647f2deb921ff21b29999a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 79407b3bc4334ff0fbe693829b0dc929ae9247f0ea647f2deb921ff21b29999a
SHA3-384 hash: 0da034c94961d190b18acd947b7a9639d2842e08b7836517d26d3aaceb8fb964ce5bfadb9232a579f471afd5cd10ddaa
SHA1 hash: 87bed08fa269ea50da31f9443796b3de2ca07ca6
MD5 hash: e9d264fbbe1915532af15c82c84ef7f7
humanhash: delaware-lion-grey-orange
File name: inv new.rar
Signature: Formbook
File size: 261'652 bytes
First seen: 2021-01-18 09:06:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:kfRdC2MCjGBeUXprHWeMX3q+TgVLJCdZJoQ8wyaHfk1aaQIHVGNVPD+QCK0G0oZ1:kfRdCNve2prHWeMRgCdN/WIVPk3c7b1d
TLSH: E0442349224C14DDDAE015DD277FEA2A7235B46329A0BD6A01413833AECDFA14E7F19E
Reporter: abuse_ch
Tags: FormBook rar


abuse_ch
Malspam distributing Formbook:

HELO: mail.123host.iq
Sending IP: 185.76.34.198
From: Mehmet Kumar . <info@zahrawigroup.com>
Reply-To: kuze1@mail.com
Subject: AW:Reply.
Attachment: inv new.rar (contains "inv.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 125
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-18 03:34:04 UTC
AV detection: 11 of 46 (23.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar 79407b3bc4334ff0fbe693829b0dc929ae9247f0ea647f2deb921ff21b29999a (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
